How to disable drive and clipboard redirection and lock down the d/top for some users only

I'd like to selectively lock down the desktop for some users only on a Remote Desktop Session Host. I have tried setting the Group Policy Object Editor :
Computer Confifuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Device And Resource Redirection
Also tried the "Remote Desktop Session Host Configuration" tool.
Trouble is, it applies to everyone. Is this possible on a Windows 2008 R2 terminal server?
nextsolnAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

getofmelandCommented:
You will need to do a user configuration group policy based on users to be able to do this and then apply it to a security group, rather than authenticated users.
0
nextsolnAuthor Commented:
In the user configuration there is an option for the clipboard but not the drives that I can see. I suppose there is two locations, the Remote Desktop Session Host Configuration that I would remove the option to disable the drive redirection and the clipboard. I could then use the GPO to lock them down based on the user configuration and apply that to the server OU and the specific security group I have created. The problem is that I have tried this and it still doesn't work. Am I missing something?
0
getofmelandCommented:
Do you users only use RDS? or do they log on to other hosts?

Do they have other Group Policies applied to them?
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

getofmelandCommented:
0
nextsolnAuthor Commented:
The users operating 95% of the time on the TS
yes we have a variety of GPO's that are applied to users
Yes I have enabled the loopback processing to no avail
I suppose the question would be, is it certainly possible to achieve. Theoretically is should all work but do you happen to know if this is possible to achieve and hence I have mis-configured something?
0
AcklesCommented:
Alright, there are certain things which are left to assumption, so let's first sort them out...

Please create an OU for your TS, drag the Server in it & then on that OU apply the policy :User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection.

http://technet.microsoft.com/en-us/library/ee791787(WS.10).aspx

Now, if there is something conflicting coming from any upper level (which is not enforced) then you can block inheritance.

Now since you have this as a User policy, please enable Loopback Policy on this.

After this, go to the Delegation Tab & "Deny" Apply Group Policy for the Group you don't want the policy to be applied.

Most important thing, After you have done all this "Reboot" the Server as you moved it to the new OU & it needs to understand the location.

all the best,
A
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AcklesCommented:
As for Drrive Redirection:
It is only in:
Computer Confifuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Device And Resource Redirection > Do not allow Drive Redirection.

That means, anyone going on it will get it.

A
0
AcklesCommented:
Any news?
A
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.